we want hmac-sha256 support in tsig (if supported by openssl) even if we do not confi...

diff --git a/Changelog b/Changelog
index 47a0d51803a46bfb8f459c7770a08a0ca2b03473..8774392fd93b806107e10df556c53c8c01f4adf6 100644 (file)
--- a/Changelog
+++ b/Changelog
@@ -6,8 +6,7 @@
        * Bitmask fix in EDNS handling
        * Fixed non-fqdn domain name completion for rdata field domain
          names of length 1
-       * Fixed chasing with SHA256 DS records
-       
+       * Fixed chain validation with SHA256 DS records
 
 1.6.0
        Additions:

diff --git a/configure.ac b/configure.ac
index 7ed159251c62f82bc88f69826e12b6ee687481e6..1621d438f73d2e8db62fe2cdf3a6745262ceceea 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -77,6 +77,8 @@ AC_CHECK_PROG(doxygen, doxygen, doxygen)
 
 ACX_WITH_SSL_OPTIONAL
 
+AC_CHECK_FUNC([EVP_sha256], AC_DEFINE_UNQUOTED([HAVE_EVP_SHA256], [1], [Define this when there is EVP_SHA256 support]))
+
 # Use libtool 
 ACX_LIBTOOL_C_ONLY
 

diff --git a/tsig.c b/tsig.c
index 49aab0b25f216f50e7e37a304b3e037a86b4c376..cd6b7697085bd3f674ab7d587c83ace20a6c4264 100644 (file)
--- a/tsig.c
+++ b/tsig.c
@@ -129,10 +129,10 @@ ldns_digest_function(char *name)
        /* these are the mandatory algorithms from RFC4635 */
        /* The optional algorithms are not yet implemented */   
        if (strlen(name) == 12 && strncasecmp(name, "hmac-sha256.", 11) == 0) {
-#ifdef USE_SHA2
+#ifdef HAVE_EVP_SHA256
                return EVP_sha256();
 #else
-               return NULL;    
+               return NULL;
 #endif         
        } else if (strlen(name) == 10 && strncasecmp(name, "hmac-sha1.", 9) == 0)
                return EVP_sha1();